According to a recent report, over half of CIOs reckon that users shouldn't be using social networking sites such as Facebook. The rationale is apparently that workers should be working not messing about discussing their latest baby photos or whatever.
But it's not as simple as that. To start with, should CIOs be the people who make that decision? They have the authority to argue that social networking can open the company to security risks but it's not in their purview to determine what people should be doing with their time - unless it's their own staff they're worried about.
What's at stake is company policy about how people do their jobs, and whether it's sensible to lock down how they do it, rather than set outcomes and allow people achieve those outcomes as best they might. Of course, this still means learning from the experience of others and operating within company rules but a code based on the general principles of English common law rather than those of the Napoleonic code makes the workplace a nicer environment to spend half your waking hours.
Additionally, people are increasingly using social networking to keep in touch with colleagues, their opposite numbers, partners and suppliers, and for many, that's a good use of their time from a commercial point of view.
That this is increasingly recognised even in the most locked down workplaces is evidenced by the way that the banks are using such techniques. Talking to Palo Alto Networks' CTO and founder Nir Zuk recently, I was surprised to hear that many banks are restructuring their security systems in order to allow them to open their networks for many purposes, including social networking.
Given all this, it's not up to the CIO to decide whether social networking should or should not be allowed. It's up to them to make it happen if the business finds it gives it an advantage.